<?php
/**
 * cloud-init script for pfSense on Proxmox VE
 * 
 * The script does a pfSense configuration in that manner:
 * 1. looks for an available cloud-init drive and mount it to /etc/cloud-init
 * 2. compares the cloud-init files on the cloud-init drive by a local copy placed in /etc/cloud-init
 *    and ends without changing anything if the files on both location are similar
 * 3. parses the cloud-init YAML files and prepare and set the given values to pfSense config array
 * 4. write the pfSense configuration and reboot the instance
 * HowTo install:
 * 1. get a copy of the YAML parse from https://github.com/mustangostang/spyc/ and place it to /usr/local/sbin
 * 2. place a copy of proxmox_cloud-init.php also to /usr/local/sbin
 * HowTo use:
 * 1. attach a cloud-init drive to the pfSense VM
 * 2. create a startupscript
 * 
 * @version 0.9
 * @author Andre Genrich andre.genrich@thurdata.ch
 */
require_once('Spyc.php');                                                      // yaml parser
require_once('config.inc');                                                    // pfSense configuration structures
require_once('system.inc');                                                    // pfSense system utilities
$cloudInitFiles = array('meta-data', 'network-config', 'user-data');           // provided by Proxmox
$cloudInitLocalPath = '/etc/cloud-init';
$cloudInitMountPoint = '/mnt/cloud-init';
/**
 * compares the cloud-init files
 * 
 * conpares the cloud-init drive by a local copy and
 * update the local copy in case of changes
 * or if the local copy does not exist
 * 
 * @param array $cloudInitFiles an array of filenames created by Proxmox
 * @param string $cloudInitLocalPath the local path to place the copy of cloud-init files
 * @param string $cloudInitMountPoint the location where the cloud-init image is mounted
 * @return bool true in case of updates, false in case of all is up to date 
 */
function updateCloudInitFiles( $cloudInitFiles, $cloudInitLocalPath, $cloudInitMountPoint) {
	$cloudInitFileDiff = false;
	// create /etc/cloud-init if not exist
	if (!is_dir("$cloudInitLocalPath")) {
		if (!mkdir ( "$cloudInitLocalPath", 0770, TRUE)) {
			$sys_err= error_get_last();
			echo "cloud-init failed: $sys_err[type] $sys_err[message]\n";
			syslog(LOG_ERR,"cloud-init failed: $sys_err[type] $sys_err[message]");
			exit(1);
		}
	}
	// check for updated config files and update the local copy in case of differs
	foreach ( $cloudInitFiles as $cloudInitFile ) {
		if (!((sha1_file("$cloudInitLocalPath/$cloudInitFile")) == (sha1_file("$cloudInitMountPoint/$cloudInitFile")))) {
			if (!copy("$cloudInitMountPoint/$cloudInitFile", "$cloudInitLocalPath/$cloudInitFile")) {
				$sys_err = error_get_last();
				syslog(LOG_ERR,"cloud-init failed: $sys_err[type] $sys_err[message]");
				exit(1);
			} else {
				$cloudInitFileDiff = true;
			}
		}
	}
	return $cloudInitFileDiff;
}
/**
 * probes existence of all necessary cloud-init files
 * 
 * @param array $cloudInitFiles an array of filenames created by Proxmox
 * @param string $cloudInitPath the location where the cloud-init files should be
 * @return bool true in case of all files are in place or false if something missing
 */
function checkCloudInitFiles( $cloudInitFiles, $cloudInitPath) {
	foreach($cloudInitFiles as $cloudInitFile) {
		if (!file_exists("$cloudInitPath/$cloudInitFile")) {
			return false;
		}
	}
	return true;
}
/**
 * search for a cloud-init drive
 * 
 * probes any attached cd device for existing cloud-init files
 * mounts the drive to /mnt/cloud-init and probes that all neccessary cloud-init files exist
 * 
 * @param array $cloudInitFiles an array of filenames created by Proxmox
 * @param string $cloudInitMountPoint the mountpoint for cloud-init drive
 * @return bool true in case of success, fals in case of no cloud-init drive could found
 */
function checkCloudInitDevice( $cloudInitFiles, $cloudInitMountPoint) {
	// get attached cd devices
	preg_match_all( "/.*cd[0-9] /", file_get_contents('/var/run/dmesg.boot'), $cdDeviceList);
	if (empty($cdDeviceList[0])) {
		syslog(LOG_ERR,"cloud-init failed: No cloud-init drive found");
		exit(1);
	}
	if(!is_dir($cloudInitMountPoint)) {
		if(!mkdir($cloudInitMountPoint)) {
			syslog(LOG_ERR,"cloud-init failed: Cloud not create mountpoint $cloudInitMountPoint");
			exit(1);
		}
	}
	// check cloud-init iso is mounted or try to mount the cloud-init medium
	foreach($cdDeviceList[0] as $cdDevice) {
		// is a cd mounted on /mnt/cloud-init ?
		$sys_err_msg = exec("df $cloudInitMountPoint | grep -q /dev/$cdDevice 2>&1", $sys_msg, $sys_err_no);
		if ($sys_err_no) { // not mounted
			// try to mount the cd
			$mount_err = exec("mount_cd9660 /dev/$cdDevice $cloudInitMountPoint", $sys_msg, $sys_err_no);
			if (!$sys_err_no) {
				if (checkCloudInitFiles( $cloudInitFiles, $cloudInitMountPoint)) {
					syslog(LOG_INFO,"cloud-init: found cloud init drive on $cdDevice mounted at $cloudInitMountPoint/");
					return true;
				} else {
					$umount_err = exec("umount $cloudInitMountPoint", $sys_msg, $sys_err_no);
					if ($sys_err_no) {
						syslog(LOG_ERR,"cloud-init: mounted a wrong device $cdDevice but not able to umount because $sys_msg");
						return false;
					}
				}
			}
		} else { //already mounted (but not by us)
			if (checkCloudInitFiles( $cloudInitFiles, $cloudInitMountPoint)) {
				syslog(LOG_INFO,"cloud-init: found cloud init drive on $cdDevice at $cloudInitMountPoint/");
				return true;
			} else {
				syslog(LOG_ERR,"cloud-init: expected files on cloud init drive not found");
				return false;
			}
		}
	}
	return false;
}
/**
 * does a case insensitive search for a network device by given hardware address
 * 
 * @param string $mac hardware address
 * @return string $if[1] device name or false if no device could be found
 */
function searchIfDevice( $mac) {
	exec("ifconfig -a | awk '/^[a-z]/ { gsub(/\:/,\"\", $1); iface=$1; next } /hwaddr/ { mac=$2; print mac, iface}'", $ifMacList, $sys_err_no);
	foreach($ifMacList as $ifMac) {
		$if = explode(" ",$ifMac);
		if (strcasecmp("$if[0]", "$mac") == 0) {                               // case insensitive
			return $if[1];
		}
	}
	return false;
}
// search and mount the cloud-init image or exit 1
if (!checkCloudInitDevice( $cloudInitFiles, $cloudInitMountPoint)) {
	syslog(LOG_ERR,"cloud-init: no cloud init drive available, skipping...\n");
	exit(1);
}
// update the local copy of cloud-init files if there are any changes or exit 0
if (!(updateCloudInitFiles( $cloudInitFiles, $cloudInitLocalPath, $cloudInitMountPoint))) {
	syslog(LOG_INFO,"cloud-init: cloud init files up to date, skipping...\n");
	exit(0);
}
// parse cloud init configurations
// $metaData = Spyc::YAMLLoad("$cloudInitLocalPath/$cloudInitFiles[0]");       // meta-data (actually not in use)
$netData = Spyc::YAMLLoad("$cloudInitLocalPath/$cloudInitFiles[1]");           // network-config
$userData = Spyc::YAMLLoad("$cloudInitLocalPath/$cloudInitFiles[2]");          // user-data
// configure nameserver if set
$ifLastNr=(count($netData['config'])-1);                                       //  the YAML parser reurns a crappy array like this
if (reset($netData['config'][$ifLastNr]) == 'nameserver') {                    //  (
	next($netData['config'][$ifLastNr]);                                       //    [type] => nameserver
	$dnsServerCount = 0;                                                       //    [address] =>
	while($nameserverIP=next($netData['config'][$ifLastNr])) {                 //    [0] => 1.2.3.4
		$config['system']['dnsserver'][$dnsServerCount] = $nameserverIP;       //    [1] => 4.3.2.1
		$dnsServerCount++;                                                     //    [search] =>
	}                                                                          //    [2] => mydomain.local
	$config['system']['domain'] = next($netData['config'][$ifLastNr]);         //  )
}
// configure WAN interface
$wanDevice = searchIfDevice( $netData['config'][0]['mac_address']);
if (!$wanDevice) {
	syslog(LOG_ERR,"cloud-init: no WAN device found");
	exit(1);
} else {
	$config['interfaces']['wan']['if'] = $wanDevice;
}
if ($netData['config'][0][0]['type'] == 'static') {
	$config['interfaces']['wan']['ipaddr'] = $netData['config'][0][0]['address'];
	$config['interfaces']['wan']['subnet'] = 32 - log((ip2long($netData['config'][0][0]['netmask']) ^ ip2long('255.255.255.255')) + 1 ,2);
	$config['interfaces']['wan']['gateway'] = $netData['config'][0][0]['gateway'];
}
// configure primary LAN device
$lanDevice = searchIfDevice( $netData['config'][1]['mac_address']);
if (!$lanDevice) {
	syslog(LOG_ERR,"cloud-init: no LAN device found");
	exit(1);
} else {
	$config['interfaces']['lan']['if'] = $lanDevice;
}
if ($netData['config'][1][0]['type'] == 'static') {
	$config['interfaces']['lan']['ipaddr'] = $netData['config'][1][0]['address'];
	$config['interfaces']['lan']['subnet'] = 32 - log((ip2long($netData['config'][1][0]['netmask']) ^ ip2long('255.255.255.255')) + 1 ,2);
	$config['interfaces']['lan']['gateway'] = $netData['config'][1][0]['gateway'];
}
// configure additional network devices
if ($ifLastNr > 2) {
	for ($ifNr=2;$ifNr<$ifLastNr;$ifNr++) {
		$optDeviceName = "opt" . strval($ifNr-1);
		$optDevice = searchIfDevice( $netData['config'][$ifNr]['mac_address']);
		if (!$optDevice) {
			syslog(LOG_WARN,"cloud-init: given network device {$netData['config'][$ifNr]['mac_address']} not found");
			break;
		} else {
			$config['interfaces'][$optDeviceName]['if'] = $optDevice;
		}
		if ($netData['config'][$ifNr][0]['type'] == 'static') {
			$config['interfaces'][$optDeviceName]['ipaddr'] = $netData['config'][$ifNr][0]['address'];
			$config['interfaces'][$optDeviceName]['subnet'] = 32 - log((ip2long($netData['config'][$ifNr][0]['netmask']) ^ ip2long('255.255.255.255')) + 1 ,2);
			$config['interfaces'][$optDeviceName]['gateway'] = $netData['config'][$ifNr][0]['gateway'];
		}
	}
}
// add ssh keys
if (isset($userData['ssh_authorized_keys'])) {
	foreach ($userData[ssh_authorized_keys] as $sshKey) {
		$sshKeys .= "$sshKey\n";
	}
	$config['system']['user'][0]['authorizedkeys'] = base64_encode("$sshKeys");
}
$config['system']['hostname'] = $userData['hostname'];
$config['system']['user'][0]['bcrypt-hash'] = $userData['password'];
// write the configuration
write_config();
// finally reboot the system
system_reboot_sync();